[azurerm_api_management] private_ip_addresses is not marked as will be replaced when we change the subnet

[peruzzof]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.7

AzureRM Provider Version

3.72.0

Affected Resource(s)/Data Source(s)

azurerm_api_management

Terraform Configuration Files

resource "azurerm_resource_group" "main" {
  name     = "my-rg"
  location = "north europe"
}
resource "azurerm_api_management" "main" {
  name                = "test"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location

  publisher_name       = "ACME Inc"
  publisher_email      = "void@acme.inc"
  sku_name             = "Developer"
  virtual_network_type = "Internal"

  virtual_network_configuration {
    subnet_id = azurerm_subnet.apim.id
  }

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_subnet" "apim" {
  name                = "my-subnet"
  resource_group_name = azurerm_resource_group.main.name

  virtual_network_name = "mab-vnet"
  address_prefixes     = ["10.0.0.0/8"]

  service_endpoints = [
    "Microsoft.EventHub",
    "Microsoft.KeyVault",
    "Microsoft.ServiceBus",
    "Microsoft.Sql",
    "Microsoft.Storage"
  ]
}

Debug Output/Panic Output

Error: Provider produced inconsistent final plan

When expanding the plan for azurerm_application_gateway.agw to include new
values learned so far during apply, provider
"registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
.backend_address_pool: planned set element
cty.ObjectVal(map[string]cty.Value{"fqdns":cty.SetValEmpty(cty.String),
"id":cty.StringVal("/subscriptions/301973fc-c666-4847-a9c6-aa48343974b3/resourceGroups/mab-ne-rg-test-shared-01/providers/Microsoft.Network/applicationGateways/mab-ne-agw-test-shared-01/backendAddressPools/scalable-appgateway-pool-test"),
"ip_addresses":cty.SetVal([]cty.Value{cty.StringVal("10.101.100.5")}),
"name":cty.StringVal("scalable-appgateway-pool-test")}) does not correlate
with any element in actual.

Expected Behaviour

It will mark the apim internal ip as being replaced

Actual Behaviour

APIM is marking only the subnetid as to be replaced

Steps to Reproduce

1. Terraform apply
2. Change the address prefix of the subnet
3. terraform plan

Important Factoids

No response

References

No response

[sinbai]

@peruzzof thanks for opening this issue. I would like to confirm that you mean terraform should make private_ip_addresses property to be replaced when changing the address prefix of the subnet, correct? If yes, this is by design since private_ip_addresses is a read-only property but not a user settable property.

[peruzzof]

Let me elaborate further.

This property is being used for the backend configuration of my Application Gateway and the "terraform plan" is not planning this change, but during apply phase the value changed and I get this error:

Error: Provider produced inconsistent final plan

When expanding the plan for azurerm_application_gateway.agw to include new
values learned so far during apply, provider
"registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
.backend_address_pool: planned set element
cty.ObjectVal(map[string]cty.Value{"fqdns":cty.SetValEmpty(cty.String),
"id":cty.StringVal("/subscriptions/XXXXXXXXXXX/resourceGroups/XXXXXXX/providers/Microsoft.Network/applicationGateways/XXXXXXX/backendAddressPools/XXXXXX-appgateway-pool-test"),
"ip_addresses":cty.SetVal([]cty.Value{cty.StringVal("10.101.100.5")}),
"name":cty.StringVal("XXXXX-appgateway-pool-test")}) does not correlate
with any element in actual.